Privacy Notice

This Privacy Notice sets out what personal data we, Hope Leigh Marketing Group, hold about you and how we collect and use it.

We are required by data protection law to give you the information in this Privacy Notice. It is important you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data. You should also read our Data Protection Policy which explains our obligations in relation to personal data and how we keep it secure.

This Privacy Notice applies from August 13, 2020 in compliance with the General Data Protection Regulations. We may update this Privacy Notice at any time.

Who is the controller?

Hope Leigh Marketing Group is the “controller” for the purposes of data protection law. This means we are responsible for deciding how we hold and use personal data about you.

What type of personal data do we hold about you?

Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, company they work for, email address, physical features). It can be factual (e.g. contact details or date of birth), an opinion about an individual’s actions or behavior, or information that may otherwise impact that individual in a personal or business capacity.

We may hold various types of personal data about you, including, for example your name, email address, postal address and contact telephone number.

Our website site uses cookies to store information on your computer. Some of these cookies are essential to make our site work and others help us to improve by giving us some insight into how the site is being used. These cookies are set when you submit a form or interact with the site by doing something that goes beyond clicking some simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of this site.

We use Google Analytics that tracks Users and Active Users metrics to show how many users engaged with our site.

In order for Google Analytics to determine which traffic belongs to which user, a unique identifier associated with each user is sent with each hit. This identifier can be a single, first-party cookie named _ga that stores a Google Analytics client ID.

HubSpot Analytics (HubSpot, Inc.)

HubSpot Analytics is an analytics service provided by HubSpot, Inc.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy Policy– Opt Out.

Category of personal data collected according to CCPA: internet information.

This processing constitutes a sale based on the definition under the CCPA. In addition to the information in this clause, the User can find information regarding how to opt out of the sale in the section detailing the rights of Californian consumers.

To control third party cookies, you can also adjust your browser settings.

Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).

Why do we hold your personal data and on what legal grounds?

We hold and use your ordinary personal data for business administration purposes. This will include, for example: meeting our contractual obligations, management of your account, day-to-day business activities such as quotations or invoicing etc.

Data protection law specifies the legal grounds on which we can hold and use personal data.

Most commonly, we rely on one or more of the following legal grounds when we process your personal data:

• Where we need it to perform the contract we have entered into with you (performance of the contract) a contract for services or another type of contract.
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example, sending information regarding products and services that may be of interest to you.

How do we collect your personal data?

You provide us with most of the personal data about you that we hold and use, face to face, over the phone or online. Other personal data about you we hold and use is generated by you in the course of carrying out our duties. For example, during email correspondence with our staff.

Some of the personal data we hold and use about you is provided by or generated from internal sources during the course of running our business.

What is the purpose of collecting this data?

We use this data to provide services to you as an individual or to your company, for administrative purposes and to send communications (when agreed to) from time to time regarding products and services that you might be interested in.

If you give us someone else’s personal data

Sometimes, you might provide us with another person’s personal data – e.g. details of a colleague. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.

Who do we share your personal data with?

We will not share your personal data with third parties without asking your permission first.

Consequences of not providing personal data

We only store the data that we actually need to administer your account and won’t keep it any longer than necessary. We may not be able to meet your account requirements if we do not have this data.

How long will we keep your personal data?

We will not keep your personal data for longer than we need it for our legitimate purposes. We take into account the following criteria when determining the appropriate retention period for personal data:

• the amount, nature, and sensitivity of the personal data
• the risk of harm from unauthorized use or disclosure
• the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
• how long the personal data is likely to remain accurate and up-to-date
• for how long the personal data might be relevant to possible future legal claims
• any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept

It is difficult to specify ahead of time precisely how long we will keep particular items of personal data. We may often keep particular items of your personal data for less time. However, there may also be circumstances in which it is appropriate for us to keep particular items of your personal data for a longer period than that set out. In particular, we will always keep your personal data for so long as we are required to do so under legal, accounting, reporting or regulatory requirements.

In addition, for some types of personal data, it is more appropriate to decide retention periods on a case-by-case basis (also using the criteria described above).

We will base these decisions on relevant circumstances, taking into account the criteria listed above.

Solely automated decision-making

Solely automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not currently use solely automated decision-making.

Transferring personal data outside the EEA

An overseas transfer of personal data takes place when the data is transmitted or sent to, viewed, accessed or otherwise used in, a different country. Data protection law restricts transfers of personal data to countries outside of the European Economic Area (EEA) because the law in those countries might not provide the same level of protection to personal data as the law in the EEA. To ensure that the level of protection afforded to personal data is not compromised, therefore, we are only able to transfer your personal data outside the EEA if certain conditions are met, as explained below.

We may transfer some of your personal data to the following countries outside the EEA: United States of America.

• There is an adequacy decision by the European Commission in respect of The USA. This means that The USA is deemed to provide an adequate level of protection for your personal data.

Your rights

You have a number of legal rights relating to your personal data, which are outlined here:

• The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
• The right to request that we correct incomplete or inaccurate personal data that we hold about you.
• The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing.
• The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
• The right to object to a decision based on profiling/solely automated decision-making, including the right to voice your opinion, and obtain human intervention in the decision-making.

If you have any questions or concerns about how your personal data is being used by us, or if you would like to exercise any of the above rights, please contact the Data Protection Champion(s) via email at info@hopeleighmarketing.com in writing. Note that these rights are not absolute and in some circumstances, we may be entitled to refuse some or all of your request.

Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk.

Information for California consumers

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this Website and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).

The provisions contained in this section apply to all Users who are consumers residing in the state of California, United States of America, according to “The California Consumer Privacy Act of 2018” (Users are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term “personal information“ as it is defined in The California Consumer Privacy Act (CCPA).

Categories of personal information collected, disclosed or sold

In this section we summarize the categories of personal information that we’ve collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in the section titled “Detailed information on the processing of Personal Data” within this document.

Information we collect: the categories of personal information we collect

We have collected the following categories of personal information about you: identifiers, commercial information and internet information.

We will not collect additional categories of personal information without notifying you.

How we collect information: what are the sources of the personal information we collect?

We collect the above mentioned categories of personal information, either directly or indirectly, from you when you use this Website.

For example, you directly provide your personal information when you submit requests via any forms on this Website. You also provide personal information indirectly when you navigate this Website, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of this Website and features thereof.

How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose

We may disclose the personal information we collect about you to a third party for business purposes. In this case, we enter a written agreement with such third party that requires the recipient to both keep the personal information confidential and not use it for any purpose(s) other than those necessary for the performance of the agreement.

We may also disclose your personal information to third parties when you explicitly ask or authorize us to do so, in order to provide you with our Service.

To find out more about the purposes of processing, please refer to the relevant section of this document.

Sale of your personal information

For our purposes, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer’s personal information by the business to another business or a third party, for monetary or other valuable consideration”.

This means that, for example, a sale can happen whenever an application runs ads, or makes statistical analyses on the traffic or views, or simply because it uses tools such as social network plugins and the like.

Your right to opt out of the sale of personal information

You have the right to opt out of the sale of your personal information. This means that whenever you request us to stop selling your data, we will abide by your request.

Such requests can be made freely, at any time, without submitting any verifiable request, simply by following the instructions below.

Instructions to opt out of the sale of personal information

If you’d like to know more, or exercise your right to opt out in regard to all the sales carried out by this Website, both online and offline, you can contact us for further information using the contact details provided in this document.

What are the purposes for which we use your personal information?

We may use your personal information to allow the operational functioning of this Website and features thereof (“business purposes”). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.

We may also use your personal information for other reasons such as for commercial purposes (as indicated within the section “Detailed information on the processing of Personal Data” within this document), as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened or we suffer an actual damage.

We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.

Your California privacy rights and how to exercise them

The right to know and to portability

You have the right to request that we disclose to you:

• the categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared;
• in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
  • for sales; the personal information categories purchased by each category of recipient.
  • for disclosures for a business purpose; the personal information categories obtained by each category of recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

If we deliver our response electronically, the information enclosed will be “portable”, i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.

The right to request the deletion of your personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on this Website, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).

If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.

How to exercise your rights

To exercise the rights described above, you need to submit your verifiable request to us by contacting us via info@hopeleighmarketing.com.

For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:

• provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
• describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.

If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.

If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.

You can submit a maximum number of 2 requests over a period of 12 months.

Hope Leigh Marketing Group © 2024